Cybersecurity Bill Sails Through|Senate Despite Privacy Concerns

WASHINGTON (CN) – The U.S. Senate passed a bipartisan cybersecurity bill on Tuesday over concerns from tech companies on the impact the information-sharing provisions in the bill might have on individual privacy. The Cybersecurity Information Sharing Act puts in place voluntary information sharing programs between the federal government, state and local governments as well as private companies and other entities. The bill easily cleared the Senate 74-21 Tuesday night. Democratic presidential hopeful Sen. Bernie Sanders, I-Vermont, was among the notable senators who voted against the bill. “Its voluntary information-sharing provisions are key to defeating cyberattacks and protecting the personal information of the people we represent,” Senate Majority Leader Mitch McConnell, R-Kentucky, said on the floor Tuesday morning. “We also know the bill contains measures to protect civil liberties and individual privacy.” Sen. Diane Feinstein, D-California, said the bill allows companies to share information in an effort to protect their systems from potentially damaging cyberattacks. In a press conference after final passage of the legislation Sen. John McCain, R-Arizona, cited recent attacks at the hands of North Korea and Russia as well as the breach in the Office of Personnel Management to highlight the importance of the bill. “This is a first step of many steps that need to be taken but it is a most important step because it relays predicate for further legislation,” McCain told reporters after the vote. Critics of the bill express concerns over individual privacy protections in the information-sharing network. The Computer & Communications Industry Association, an international nonprofit that advocates for tech companies including Amazon, Netflix, Facebook, Google, eBay and Yahoo came out against the legislation earlier this month. “[The bill’s] prescribed mechanism for sharing of cyber-threat information does not sufficiently protect users’ privacy or appropriately limit the permissible uses of information shared within the government,” the association wrote in a statement on its website. The American Civil Liberties Union has also denounced the bill, calling it a “privacy-shredding” bill “in cybersecurity clothing” in a March blog post after the bill was reported out of committee. But Sen. Richard Burr, a Republican from North Carolina who sponsored the bill, ensured the Senate did everything possible to protect privacy while strengthening companies’ ability to fend off attacks on the web. The bill will go on to the House for approval and to a conference committee after that before going to the president’s desk. Feinstein was confident after the vote the strong bipartisan consensus in the Senate will allow the bill to go into the conference committee “with a strong hand.” Others in the Senate praised the bill, but admitted it represents just the first step toward more comprehensive cyber protection. Sen. Ron Johnson, R-Wisconsin, said he hoped to see in the future a bill tackling breach-notification policy to make it easier for companies to comply with multiple jurisdictions when reporting information breaches. “It’s not a panacea, but this is really a pretty good first step,” Johnson said.